Think before you click?
Sound familiar? You read it in news articles or hear it from your security group at work, but what does it all mean? It's obvious many people don’t know exactly what is being taught in these lectures or alerts, because even the best of us still infect our machines with malware delivered by a single simple email.
Phishing is the term used to describe this method of delivering malware to an unaware victim, and often the email pertains to something you might actually be waiting for, making you more inclined to click the link.
That email you receive at home or work that looks like a bill with failure to pay or a message with a chance to win millions of dollars contains a link to respond. This is actually a link that will end in a really bad day for you or your security department, and your poor computer.
These are often links used in malware kit campaigns or spam that have gotten past your company's email security perimeter or your personal web host's security.
Once the link is clicked, the computer's browser will reach out to the destination host, which delivers the “not so wanted” contents. This is really all it takes for your machine to be compromised with even the most heinous of infections, which either steal your personal information, render your computer completely useless, or worse, use your computer to attack other computers or even servers. Scary, huh?
“But the link actually said Xyz.com Company,” you say. Well, sure it does. In most cases it’s a simple HTML technique (often even URL redirects or DNS fast flux, which are too deep for this discussion) by which the author titles the link one thing and embeds another destination in a link you can't see.
What you can do is hover over the link and look at the bottom of your email client (depending on your client) to see what URL the link is actually going to take you to. In other email clients you can simply right-click on the link in the email and select “copy url”, which stores it in the clipboard and allows you to paste it somewhere as plain text.
Now the magic you might not know. There are several safe tools online where you can test this link; they will show you the content of the link, a screenshot of the link, and whether it's malicious. I know this is a lot of work, but if you’ve ever had to format your computer and lose all your data, it's worth the effort. Trust me.
Tools:
Urlquery.net: Simply paste the URL from the clipboard by right-clicking and selecting paste; the contents of the link will appear in the field titled “profile url”. Then click go. This will give you a bunch of information that may or may not be useful, but it will also display a picture box in the top right corner, which will show you the page you would have received had you clicked on that link. As for the information below, let's just say lots of RED is BAD!
VirusTotal™: This site is for uploading samples for analysis, but lucky for you it can also be used to track URLs. Simply choose the search URL field, paste in the link again, and click “submit”. This will give you a full report of what content that link actually delivers, including a very thorough report of exploits, malware and a community reputation score.
There are several tools out there which allow you to scan content in this manner, but these are the ones I use and trust for even deep-dive analyses of malware.
I hope this helps you and your organization keep your PCs safe and sound.
Happy emailing!!
RazorEQX